Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note

This page was automatically generated and should not be edited.

Note

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

Tip

The table below can be re-ordered, by clicking column headers.

...

Include Page
Coverity_V
Coverity_V
CERT C Secure Coding Standard

Checker

Guideline

ALLOC_FREE_MISMATCH MEM31-C. Free dynamically allocated memory when no longer needed
ALLOC_FREE_MISMATCH CON30-C. Clean up thread-specific storage
ALLOC_FREE_MISMATCH (needs improvement) WIN30-C. Properly pair allocation and deallocation functions
ARRAY_VS_SINGLETON ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ARRAY_VS_SINGLETON ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
ASSERT_SIDE_EFFECT MSC11-C. Incorporate diagnostic tests using assertions
ASSERT_SIDE_EFFECTS PRE31-C. Avoid side effects in arguments to unsafe macros
BAD_ALLOC_ARITHMETIC ARR38-C. Guarantee that library functions do not form invalid pointers
BAD_ALLOC_STRLEN ARR38-C. Guarantee that library functions do not form invalid pointers
BAD_ALLOC_STRLEN MEM35-C. Allocate sufficient memory for an object
BAD_CHECK_OF_WAIT_COND CON41-C. Wrap functions that can fail spuriously in a loop

C checkers

BAD_COMPARE MSC02 EXP16-C. Avoid errors of omissionDo not compare function pointers to constant values
BAD_FREE MEM34-C. Only free memory allocated dynamically

CHAR_IO

FIO34-C. Use int to capture the return value of character IO functions

CHECKED_RETURN

FIO33-C. Detect and handle input output errors resulting in undefined behavior

DEADCODE

MSC07-C. Detect and remove dead code

BAD_SHIFT INT32-C. Ensure that operations on signed integers do not result in overflow
BAD_SHIFT INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
BAD_SIZEOF ARR38-C. Guarantee that library functions do not form invalid pointers
BAD_SIZEOF ARR39-C. Do not add or subtract a scaled integer to a pointer
BUFFER_SIZE ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
BUFFER_SIZE ARR38-C. Guarantee that library functions do not form invalid pointers
BUFFER_SIZE STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
CHAR_IO FIO34-C. Distinguish between characters read from a file and EOF or WEOF
CHECKED_RETURN FORWARD_NULL EXP34-C. Do not dereference null pointers
MISSING CHECKED_RETURN MSC02 POS54-C. Avoid errors of omissionDetect and handle POSIX library errors
CHECKED_RETURN EXP12

NEGATIVE_RETURNS

INT31-C. Ensure that integer conversions do not result in lost or misinterpreted dataDo not ignore values returned by functions
CONSTANT_EXPRESSION_RESULT EXP46-C. Do not use a bitwise operator with a Boolean-like operand
DEADCODE MSC07-C. Detect and remove dead code
DEADCODE NO_EFFECT MSC12-C. Detect and remove code that has no effect or is never executed
DIVIDE_BY_ZERO INT33

NULL_RETURNS

EXP34-C. Do not dereference null pointersEnsure that division and remainder operations do not result in divide-by-zero errors
DONT_CALL ENV33

OVERRUN_STATIC

STR35-C. Do not copy data from an unbounded source to a fixed-length array

OVERRUN_DYNAMIC

STR35-C. Do not copy data from an unbounded source to a fixed-length array

RESOURCE_LEAK

MEM31-C. Free dynamically allocated memory exactly once

RETURN_LOCAL

DCL30-C. Declare objects with appropriate storage durations

call system()
DONTCALL MSC30-C. Do not use the rand() function for generating pseudorandom numbers
EVALUATION_ORDER EXP30-C. Do not depend on the order of evaluation for side effects
EVALUATION_ORDER EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place
EVALUATION_ORDER (partial) CON40-C. Do not refer to an atomic variable twice in an expression
FORWARD_NULL REVERSE_INULL EXP34-C. Do not dereference null pointers
REVERSE INTEGER_NEGATIVE OVERFLOW INT31 INT30-C. Ensure that integer conversions do not result in lost or misinterpreted data

SIZECHECK

MEM35-C. Allocate sufficient memory for an object

STACK_USE

MEM05-C. Avoid large stack allocations

UNINIT

EXP33-C. Do not reference uninitialized memory

UNUSED_VALUE

MSC13-C. Detect and remove unused values

USE_AFTER_FREE

MEM30-C. Do not access freed memory, MEM31-C. Free dynamically allocated memory exactly once

VARARGS

No equivalent

C++ Checkers

CERT C++ Secure Coding Standard

BAD_OVERRIDE

No equivalent

CTOR_DTOR_LEAK

No equivalent

DELETE_ARRAY

No equivalent

INVALIDATE_ITERATOR

https://www.securecoding.cert.org/confluence/display/cplusplus/STL30-C.+Use+Valid+Iterators

PASS_BY_VALUE

No equivalent

UNCAUGHT_EXCEPT

https://www.securecoding.cert.org/confluence/display/cplusplus/ERR30-C.+Check+for+all+error+conditions

UNINIT_CTOR

No equivalent

WRAPPER_ESCAPE

No equivalent

Concurrency Checkers

CERT C Secure Coding Standard

LOCK

Out of scope

ORDER_REVERSAL

Out of scope

SLEEP

Out of scope

unsigned integer operations do not wrap
LOCK CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
MISRA 2012 Rule 13.2 CON40-C. Do not refer to an atomic variable twice in an expression
MISRA C 2004 17.2 ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
MISRA C 2004 17.3 ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
MISRA C 2004 Rule 10.x (needs investigation) FLP36-C. Preserve precision when converting integral values to floating-point type
MISRA C 2004 Rule 11.4 EXP36-C. Do not cast pointers into more strictly aligned pointer types
MISRA C 2004 Rule 11.5 EXP40-C. Do not modify constant objects
MISRA C 2004 Rule 12.3 EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
MISRA C 2004 Rule 13.4 FLP30-C. Do not use floating-point variables as loop counters
MISRA C 2004 Rule 15.0 DCL41-C. Do not declare variables inside a switch statement before the first case label
MISRA C 2004 Rule 20.1 DCL37-C. Do not declare or define a reserved identifier
MISRA C 2004 Rule 20.2 DCL37-C. Do not declare or define a reserved identifier
MISRA C 2012 18.2 ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
MISRA C 2012 18.3 ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
MISRA C 2012 Rule 8.1 DCL31-C. Declare identifiers before using them
MISRA C 2012 Rule 8.2 EXP37-C. Call functions with the correct number and type of arguments
MISRA C 2012 Rule 8.4 DCL40-C. Do not create incompatible declarations of the same function or object
MISRA C 2012 Rule 8.14 EXP43-C. Avoid undefined behavior when using restrict-qualified pointers
MISRA C 2012 Rule 10.1 STR34-C. Cast characters to unsigned char before converting to larger integer sizes
MISRA C 2012 Rule 10.2 STR34-C. Cast characters to unsigned char before converting to larger integer sizes
MISRA C 2012 Rule 10.3 STR34-C. Cast characters to unsigned char before converting to larger integer sizes
MISRA C 2012 Rule 10.4 STR34-C. Cast characters to unsigned char before converting to larger integer sizes
MISRA C 2012 Rule 11.1 EXP36-C. Do not cast pointers into more strictly aligned pointer types
MISRA C 2012 Rule 11.2 EXP36-C. Do not cast pointers into more strictly aligned pointer types
MISRA C 2012 Rule 11.5 EXP36-C. Do not cast pointers into more strictly aligned pointer types
MISRA C 2012 Rule 11.7 EXP36-C. Do not cast pointers into more strictly aligned pointer types
MISRA C 2012 Rule 11.8 EXP32-C. Do not access a volatile object through a nonvolatile reference
MISRA C 2012 Rule 14.1 FLP30-C. Do not use floating-point variables as loop counters
MISRA C 2012 Rule 16.1 DCL41-C. Do not declare variables inside a switch statement before the first case label
MISRA C 2012 Rule 17.3 EXP37-C. Call functions with the correct number and type of arguments
MISRA C 2012 Rule 21.1 DCL37-C. Do not declare or define a reserved identifier
MISRA C 2012 Rule 21.2 DCL37-C. Do not declare or define a reserved identifier
MISRA C 2012 Rule 21.5 CON37-C. Do not call signal() in a multithreaded program
MISRA C 2012 Rule 22.5 FIO38-C. Do not copy a FILE object
MISRA C 2012 Rule 22.8 ERR30-C. Take care when reading errno
MISRA C 2012 Rule 22.8 ERR32-C. Do not rely on indeterminate values of errno
MISRA C 2012 Rule 22.8 ERR33-C. Detect and handle standard library errors
MISRA C 2012 Rule 22.9 ERR30-C. Take care when reading errno
MISRA C 2012 Rule 22.9 ERR32-C. Do not rely on indeterminate values of errno
MISRA C 2012 Rule 22.9 ERR33-C. Detect and handle standard library errors
MISRA C 2012 Rule 22.10 ERR30-C. Take care when reading errno
MISRA C 2012 Rule 22.10 ERR32-C. Do not rely on indeterminate values of errno
MISRA C 2012 Rule 22.10 ERR33-C. Detect and handle standard library errors
MISRA_CAST INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
MISRA_CAST (needs verification) FLP34-C. Ensure that floating-point conversions are within range of the new type
MISSING_BREAK MSC17-C. Finish every set of statements associated with a case label with a break statement
MISSING_LOCK CON32-C. Prevent data races when accessing bit-fields from multiple threads
MISSING_LOCK (partial) CON43-C. Do not allow data races in multithreaded code
MISSING_RETURN MSC37-C. Ensure that control never reaches the end of a non-void function
NEGATIVE_RETURNS INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
NEGATIVE_RETURNS ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
NO_EFFECT MSC12-C. Detect and remove code that has no effect or is never executed
NULL_RETURNS EXP34-C. Do not dereference null pointers
OPEN_ARGS FIO03-C. Do not make assumptions about fopen() and file creation
ORDER_REVERSAL CON35-C. Avoid deadlock by locking in a predefined order
OVERFLOW_BEFORE_WIDEN INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
OVERRUN ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
OVERRUN

Security checkers

CERT C Secure Coding Standard

BUFFER_SIZE STR31-C. Guarantee that storage for strings has sufficient space for character data and the NULL terminator, ARR33-C. Guarantee that copies are made into storage of sufficient size

CHROOT

Out of scope

null terminator
PW EXP40-C. Do not modify constant objects
PW STR30-C. Do not attempt to modify string literals
PW STR38-C. Do not confuse narrow and wide character strings and functions
PW FIO47-C. Use valid format strings
PW.LINKAGE_CONFLICT DCL36-C. Do not declare an identifier with conflicting linkage classifications
PW.POINTER_CONVERSION_LOSES_BITS INT36-C. Converting a pointer to integer or integer to pointer

OPEN_ARGS

FIO03-C. Do not make assumptions about fopen() and file creation
READLINK POS30-C. Use the readlink() function properly
RESOURCE_LEAK MEM31-C. Free dynamically allocated memory when no longer needed
RESOURCE_LEAK MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
RESOURCE_LEAK (partial) FIO42-C. Close files when they are no longer needed
RETURN_LOCAL DCL30-C. Declare objects with appropriate storage durations
REVERSE_INULL EXP34

SECURE_CODING

STR35-C. Do not copy data from an unbounded source to a fixed-length array, others? dereference null pointers
REVERSE_NEGATIVE INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
REVERSE_NEGATIVE ARR32-C. Ensure size arguments for variable length arrays are in a valid range
SECURE_TEMP FIO43 FIO21-C. Do not create temporary files in shared directories , TMPxx-C. Temporary file names must be unique when the file is created
SIZECHECK (deprecated) MEM35-C. Allocate sufficient memory for an object
STACK_USE MEM05-C. Avoid large stack allocations
STRING_NULL STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
STRING_OVERFLOW STR31-C. Guarantee that storage for strings has sufficient space for character data and the NULL null terminator
STRING_NULL

STR32-C. Null-terminate byte strings as required

STRING_SIZE STR31-C. Guarantee that storage for strings has sufficient space for character data and the NULL null terminator
TAINTED_SCALAR ARR30-C. Guarantee that array indices are within the valid range, INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data, INT32-C. Ensure that operations on signed integers do not result in overflow
TAINTED_STRING FIO30-C. Exclude user input from format strings
TAINTED_STRING STR02-C. Sanitize data passed to complex subsystems ,
TOCTOU FIO45FIO30-C. Exclude user input from format strings, FIO02-C. Canonicalize path names originating from untrusted sources Avoid TOCTOU race conditions while accessing files
TOCTOU POS35-C. Avoid race conditions while checking for the existence of a symbolic link
TOCTOU

TOCTOU

FIO03-C. Do not make assumptions about fopen() and file creation, FIO01-C. Be careful using functions that use file names for identification , FIO08-C. Take care when calling remove() on an open file, others?
UNINIT EXP33-C. Do not read uninitialized memory
UNREACHABLE MSC07-C. Detect and remove dead code
UNREACHABLE MSC12-C. Detect and remove code that has no effect or is never executed
UNUSED_VALUE MSC13-C. Detect and remove unused values
USE_AFTER_FREE MEM30-C. Do not access freed memory
USE_AFTER_FREE FIO46-C. Do not access a closed file
USE_AFTER_FREE MEM01-C. Store a new value in pointers immediately after free()
Various concurrency checkers POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
VOLATILE_ATOICITY (possible) CON40-C. Do not refer to an atomic variable twice in an expression

USER_POINTER

No equivalent